The Internet Corporation for Assigned Names and Numbers (ICANN) announced the launch of an audit program aimed at reviewing how registrars are fulfilling their contractual obligations related to addressing reports of potentially abusive domains. This audit follows the 2019 audit program that included all active registry operators, with the objective of understanding how registries were fulfilling their contractual obligations relating to the performance of Security Threats Reporting.
On 11 January 2021, ICANN Contractual Compliance sent pre-audit notifications to the registrars selected for the audit. The selected registrars will receive a Request for Information (RFI) on 25 January 2021 containing the audit questions. The audit includes those registrars that either:
- Had at least five (5) domains listed in November 2020 by public reputation blocklists (RBLs). The RBLs identified these domains as potentially being used to perpetrate phishing, malware and/or command and control botnet abuse and/or
- Had domains identified in the Security Threat Reports received in the 2019 Registry Operator Compliance Audit Program.
Of the more than 2,380 ICANN-accredited registrars, ICANN identified only 153 that had more than five potentially abusive domains listed in RBLs reviewed in November 2020. The RFIs will ask registrars to provide any documentation related to how they may have addressed the potentially abusive domains.
ICANN Contractual Compliance intends to complete the audit before the end of 3Q 2021.